SSHD Error Message CVE-2018-15473
Detects exploitation attempt using public exploit code for CVE-2018-15473
Sigma rule (View on GitHub)
1title: SSHD Error Message CVE-2018-15473
2id: 4c9d903d-4939-4094-ade0-3cb748f4d7da
3status: test
4description: Detects exploitation attempt using public exploit code for CVE-2018-15473
5references:
6 - https://github.com/Rhynorater/CVE-2018-15473-Exploit
7author: Florian Roth (Nextron Systems)
8date: 2017-08-24
9modified: 2021-11-27
10tags:
11 - attack.reconnaissance
12 - attack.t1589
13logsource:
14 product: linux
15 service: sshd
16detection:
17 keywords:
18 - 'error: buffer_get_ret: trying to get more bytes 1907 than in buffer 308 [preauth]'
19 condition: keywords
20falsepositives:
21 - Unknown
22level: medium
References
-
Exploit written in Python for CVE-2018-15473 with threading and export formats - Rhynorater/CVE-2018-15473-Exploit
Read More
Related rules
- Azure AD Account Credential Leaked
- AADInternals PowerShell Cmdlets Execution - ProccessCreation
- AADInternals PowerShell Cmdlets Execution - PsScript
- Bitbucket User Details Export Attempt Detected
- Bitbucket User Permissions Export Attempt